--On Mittwoch, 17. Dezember 2003 10:09 +0100 Henrik Nordstrom
<hno@squid-cache.org> wrote:
> On Tue, 16 Dec 2003, Paul wrote:
>
>> Can squid (squid-2.5.STABLE1-2 running under RH9 Linux) be
>> configured to handled *chained* SSL certificates (e.g. from
>> FreeSSL.com) for SSL to HTTP gatewaying? Before I purchase
>> chained cert (much cheaper than usual certs), I'd like to hear
>> from anyone who has direct experience.
>
> Squid-3 or Squid-2-5 + SSL update patch it should if you simply add the
> chain to the certificate file.
>
> Squid-2.5 without the SSL update patch does not support certificate
> chains unless you modify the source to use
> SSL_CTX_use_certificate_chain_file instead of
> SSL_CTX_use_certificate_file.
We tried this first, but found that this only works if you do not use
"unchained" certs on other ports with the same squid. Which we do. Which we
found out a bit too late... ;-)
Jan
>
> Regards
> Henrik
>
>
Received on Wed Dec 17 2003 - 10:46:01 MST
This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:15 MST